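# Add two users to the master's htpasswd file.
# `-b` takes the password from the command line, so it ends up in shell history
# and is visible in the process list while htpasswd runs; without -b and the
# trailing password, htpasswd prompts for it instead.
# NOTE(review): both passwords equal the user name, and `admin` is granted
# cluster-admin below. Set real passwords before the API is reachable by
# anyone else.
htpasswd -b /etc/origin/master/htpasswd dev dev
htpasswd -b /etc/origin/master/htpasswd admin admin

# Bind the htpasswd user `admin` to the cluster-admin role (cluster-wide control).
oc adm policy add-cluster-role-to-user cluster-admin admin

# Let the `router` service account in the `default` project use the
# `privileged` SCC.
# NOTE(review): privileged is the least restrictive SCC; check whether a
# narrower one (for example hostnetwork) is sufficient for this router on the
# release in use.
oc adm policy add-scc-to-user privileged system:serviceaccount:default:router

# Deploy a single router replica and the integrated registry.
# `oc adm` is used for every admin command here, matching the role binding
# above; `oadm` is the older spelling of the same subcommands.
oc adm router router --replicas=1 --service-account=router
oc adm registry --config=/opt/openshift/openshift.local.config/master/admin.kubeconfig --service-account=registry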
rfc2307_config_tolerating.yaml

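# Contents of rfc2307_config_tolerating.yaml, the file passed to
# `oc adm groups sync --sync-config=...`.
# The rfc2307 settings are nested under `rfc2307:`; written flat, keys such as
# baseDN/scope/filter would repeat at the top level and the queries would be
# empty.
kind: LDAPSyncConfig
apiVersion: v1
# Plain ldap:// on loopback. With `insecure: true` no TLS is used, so the bind
# password and query results cross the connection unencrypted.
# NOTE(review): this is only contained while the directory really listens on
# the same host; for a remote server use TLS (insecure: false, plus a CA bundle
# if the server certificate is not publicly trusted).
url: ldap://127.0.0.1:389
# NOTE(review): cn=Manager looks like the directory's administrative DN; group
# sync only reads entries, so a dedicated read-only bind account is enough.
bindDN: cn=Manager,dc=xxxx,dc=com
# Quoted so the all-digit value is read as a string, not as a number.
# NOTE(review): the secret is stored inline; OpenShift can also take it from an
# environment variable or a file (check the release docs for the exact form),
# and this file should be readable only by the account that runs the sync.
bindPassword: '12312313123121312313131313123123123213'
insecure: true
rfc2307:
  # Which LDAP entries are treated as groups.
  groupsQuery:
    baseDN: "ou=TECH,o=xxxx,dc=xxxx,dc=com"
    scope: sub
    derefAliases: never
    filter: (objectClass=posixGroup)
  # The group's DN is its unique id; `cn` becomes the OpenShift group name and
  # `memberUid` lists the members.
  groupUIDAttribute: dn
  groupNameAttributes: [ cn ]
  groupMembershipAttributes: [ memberUid ]
  # Which LDAP entries are treated as users when resolving group members.
  usersQuery:
    baseDN: "ou=TECH,o=xxxx,dc=xxxx,dc=com"
    scope: sub
    derefAliases: never
    filter: (objectClass=inetOrgPerson)
  userUIDAttribute: uid
  userNameAttributes: [ uid ]
  # Keep syncing when a listed member cannot be found or lies outside the
  # usersQuery base DN. Such members are left out of the group, so review the
  # sync output for unexpected omissions.
  tolerateMemberNotFoundErrors: true
  tolerateMemberOutOfScopeErrors: true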

# Synchronise OpenShift groups from LDAP using rfc2307_config_tolerating.yaml.
# --confirm makes the command write the groups; without it the sync is a dry
# run that only prints what it would create, which is worth reviewing first.
oc adm groups sync \
    --sync-config=rfc2307_config_tolerating.yaml \
    --confirm


# Edit the master configuration; the oauthConfig stanza listed under
# master-config.yaml below is the part being changed.
vim /etc/origin/master/master-config.yaml
master-config.yaml

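# oauthConfig stanza of /etc/origin/master/master-config.yaml, with the nesting
# restored: identityProviders is a list, and the LDAP settings belong to the
# entry's `provider:` mapping.
oauthConfig:
  assetPublicURL: https://master.openshift.xxxx.com:8443/console/
  grantConfig:
    method: auto
  identityProviders:
    # A single LDAP-backed provider, enabled for both the web login flow and
    # challenge-based (CLI) clients.
    - challenge: true
      login: true
      mappingMethod: claim
      name: Ldap_auth
      provider:
        apiVersion: v1
        kind: LDAPPasswordIdentityProvider
        # LDAP attributes used to build the OpenShift identity.
        attributes:
          id:
            - uid
          email:
            - mail
          name:
            - uid
          preferredUsername:
            - uid
        # NOTE(review): cn=Manager looks like the directory's administrative
        # DN; the search phase only needs read access, so a dedicated
        # read-only bind account is preferable.
        bindDN: cn=Manager,dc=xxxx,dc=com
        # Quoted so the all-digit value is read as a string, not as a number.
        # NOTE(review): stored inline in master-config.yaml; it can also be
        # supplied from an environment variable or a file (check the release
        # docs), and the config file should stay readable by root only.
        bindPassword: '12341231312121241231231231231'
        # With `insecure: true` no TLS is used, so every user's login password
        # is sent to the directory unencrypted.
        # NOTE(review): this is only contained while LDAP really listens on
        # loopback; for a remote server use TLS (insecure: false, plus a CA
        # bundle if needed).
        insecure: true
        # Search base ou=TECH,o=xxxx,dc=xxxx,dc=com, matching the login name
        # against `uid`.
        url: ldap://127.0.0.1:389/ou=TECH,o=xxxx,dc=xxxx,dc=com?uid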

# Restart the master API service; presumably this is what makes it pick up the
# edited master-config.yaml.
systemctl restart origin-master-api.service